I want to hire the intended recipient of a limited data set to also create the limited data set as my business associate. Can I combine the data and use agreement and business associate contract?

Answer:

Yes. A data use agreement can be combined with a business associate agreement into a single agreement that meets the requirements of both provisions of the HIPAA Privacy Rule. In the above situation, because the covered entity is providing the recipient with protected health information that includes direct identifiers, a business associate agreement would be required in addition to the data use agreement to protect the information.

For example, the agreement must require that the recipient agree to return or destroy the information that includes the direct identifiers once it has completed the conversion for the covered entity.

Date Created: 12/19/2002

Content created by Office for Civil Rights (OCR)
Content last reviewed July 26, 2013

I want to hire the intended recipient of a limited data set to also create the limited data set as my business associate. Can I combine the data and use agreement and business associate contract?

Answer:

Subscribe to Email Updates